From ed4ed5c6ea7458c1aff529d800316e18c0119762 Mon Sep 17 00:00:00 2001
From: Super Liu <supercjliu@google.com>
Date: Wed, 4 Jan 2023 01:31:23 +0000
Subject: [PATCH] Add sepolicy for sysfs_touch type.

Bug: 263108813
Test: TreeHugger build pass.
Signed-off-by: Super Liu <supercjliu@google.com>
Change-Id: I337863e7df3195deecc6de0202cded610118bfe0
---
 touch/nvt/nvt.mk                    | 1 +
 touch/nvt/sepolicy/file.te          | 1 +
 touch/nvt/sepolicy/system_server.te | 2 ++
 3 files changed, 4 insertions(+)
 create mode 100644 touch/nvt/nvt.mk
 create mode 100644 touch/nvt/sepolicy/file.te
 create mode 100644 touch/nvt/sepolicy/system_server.te

diff --git a/touch/nvt/nvt.mk b/touch/nvt/nvt.mk
new file mode 100644
index 0000000..9655a75
--- /dev/null
+++ b/touch/nvt/nvt.mk
@@ -0,0 +1 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/touch/nvt/sepolicy
diff --git a/touch/nvt/sepolicy/file.te b/touch/nvt/sepolicy/file.te
new file mode 100644
index 0000000..e310df7
--- /dev/null
+++ b/touch/nvt/sepolicy/file.te
@@ -0,0 +1 @@
+type sysfs_touch, sysfs_type, fs_type;
diff --git a/touch/nvt/sepolicy/system_server.te b/touch/nvt/sepolicy/system_server.te
new file mode 100644
index 0000000..d65d811
--- /dev/null
+++ b/touch/nvt/sepolicy/system_server.te
@@ -0,0 +1,2 @@
+allow system_server sysfs_touch:dir r_dir_perms;
+allow system_server sysfs_touch:file r_file_perms;